DETAILED ACTION

The Request for Continued Examination has been entered and processed. 

Response to Arguments 

Applicant's arguments with respect to claims 118 and 140 have been considered but are
moot in view of the new ground(s) of rejection in view of Doi US 6,742,118.

Claim Rejections - 35 USC § 112 
The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

Claims 118 and 140 are rejected under 35 U.S.C. 112, first paragraph, as failing to
comply with the enablement requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to enable one skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and/or use the 
invention. Claims 118 and 140 both contain the limitation that "after the construction of
but before the sending of a data packet from the source node to the destination node as 
part of the communication attempt, intercepting the data packet at the source node;". 
While it is clear that the method of assigning identifiers happens at the source node (prior 
to sending) it is unclear in the instant specification that this happens after construction but 
before sending. It appears to the examiner that no interception takes place. The packet is 
simply constructed at the source node. Fig 2 (210 "Construct and send SYN packet using
session GKI/SKI"). At most the examiner asserts that the insertion of identifiers occurs
after a "connection request" (Instant Spec. [0094]) or after authentication of the SID 
(Instant Spec. [0062]) but not after the construction of a data packet. The examiner 
invites the applicant to illustrate where language can be found in the instant specification 
to support this claim limitation. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 118, 119, 121, 125-128, 135-138, 140-142, 144, 147, 152, 159-162 are rejected
under 35 U.S.C. 103(a) as being unpatentable over Doi US 6,742,118 in view of 
Cunningham US 6,219,786. 

Doi teaches after the construction of but before the sending of a data packet from the 
source node to the destination node as part of a communication attempt, intercepting the 
data packet at the source node (intercepting the data from the storage device by the data 
processing unit to add ID information) (Fig 1, 95, 93; Col 5 lines 10-19). 
Doi teaches assigning one or more identifiers to the communication attempt (user ID, unit 
name) (Col 4 lines 15-35). Doi teaches that the identifiers include at least one of a user
identifier (user ID) or a system identifier (unit name and serial number) (Col 4 lines 15-35).
Doi teaches the system identifier (SID) is associated with the hardware of the
source node making the communication attempt (ID contains manufacturer, unit name 
and specific serial number of the unit) (Col 4 lines 15-25). Doi teaches that the user 
identifier (UID) is associated with a specific authorized user of the source node (user ID, 
charged to use node) (Col 4 lines 1-5). Doi teaches inserting one or more identifiers 
assigned to the communication attempt into a header of the data packet to create a 
modified data packet (ID information in packet header), (Col 6 lines 1-8, Fig 4). 
Doi does not teach interception of modified data to permit or deny communication as a 
function of the one or more identifiers. 

Cunningham teaches intercepting packet data from a source node within a computer 
network after it has been sent by the source node but before it reaches the destination 
node (intercepting packets via a passive access control system or gateway access control 
system) (Col 6 lines 1-10, Col 7 lines 15-18). Cunningham teaches extracting one or
more identifiers from a packet (single packet low level information, source, destination 
addresses, and user data) (Col 7 lines 15-18, Col 7 line 67 to Col 8 line 3). Cunningham 
teaches permitting the communication attempt by the source node with the destination 
node as a function of the one or more identifiers extracted from the header of the data 
(access determination based on source and destination IP addresses, allowing connection 
or not) (Col 9 lines 1-7, Col 10 lines 37-42). It would have been obvious to one of 
ordinary skill in the art to use the ID in packet headers of Doi with the filtering system of 



Application/Control Number: 10/065,775 Page 5 

Art Unit: 2134 

Cunningham so that the system could apply rules quickly using low level information, 
(Cunningham Col 8 lines 1-3, Col 10 lines 5-10). 

As per claim 119, Doi does not teach filtering. Cunningham teaches forwarding the
packet to the destination node, (allowing connection)(Col 9 lines 1-5). 

As per claim 121, 147 Doi teaches the SID is computed based on one or more constant 
identifiers obtained from the hardware of the source node (serial number) (Col 4 lines 20- 
25). 

As per claim 125, 152 Doi does not teach UDP. Cunningham teaches that the header 
may be a UDP packet and header (Col 7 lines 2-5). 

As per claim 126, and 128, 159, 160, Doi does not teach logging. Cunningham teaches 
logging the one or more identifiers from the header of the modified data packet in a 
database (storage logs maintained for all transaction data or subsets of data), (Col 9 lines 
60-65). 

As per claim 127, 161 Doi does not teach alerting a network administrator. Cunningham 
teaches alerting a network administrator (sending an email, raising an alert in a 
predetermined manner) (Col 11 lines 5-10).

As per claims 135-137, Doi does not teach interception between source and destination.
Cunningham teaches comparing ID's to rules in order to determine if communication 
between source, and destination nodes is permitted or not permitted, (including source and 
destination identifiers, usernames, workgroups, workstation addresses), (Col 8 line 55 to 
Col 9 line 10). 

As per claim 138, Doi teaches modified packets, Doi does not teach interception between 
source and destination. Cunningham teaches evaluating permission of a communication 
attempt based on receipt of a single packet (first packet) (Col 7 line 65 to Col 8 line 3). 

As per claim 140, Doi teaches after the construction of but before the sending of a data 
packet from the source node to the destination node as part of a communication attempt, 
intercepting the data packet at the source node (intercepting the data from the storage 
device by the data processing unit to add ID information) (Fig 1, 95, 93; Col 5 lines 10- 
19). 

Doi teaches assigning one or more identifiers to the communication attempt (user ID, unit 
name) (Col 4 lines 15-35). Doi teaches that the identifiers include at least one of a user
identifier (user ID) or a system identifier (unit name and serial number) (Col 4 lines 15-35).
Doi teaches the system identifier (SID) is associated with the hardware of the
source node making the communication attempt (ID contains manufacturer, unit name 
and specific serial number of the unit) (Col 4 lines 15-25). Doi teaches that the user 
identifier (UID) is associated with a specific authorized user of the source node (user ID, 
charged to use node) (Col 4 lines 1-5). Doi teaches inserting one or more identifiers
assigned to the communication attempt into a header of the data packet to create a 
modified data packet (ID information in packet header), (Col 6 lines 1-8, Fig 4). 
Doi does not teach interception of modified data to permit or deny communication as a 
function of the one or more identifiers. 

Cunningham teaches intercepting packet data from a source node within a computer 
network after it has been sent by the source node but before it reaches the destination 
node (intercepting packets via a passive access control system or gateway access control 
system) (Col 6 lines 1-10, Col 7 lines 15-18). Cunningham teaches extracting one or
more identifiers from a packet (single packet low level information, source, destination 
addresses, and user data) (Col 7 lines 15-18, Col 7 line 67 to Col 8 line 3). Cunningham 
teaches logging the one or more identifiers from the header of the modified data packet in 
a database (storage logs maintained for all transaction data or subsets of data), (Col 9 
lines 60-65). Cunningham teaches forwarding the packet to the destination node (access
determination based on source and destination IP addresses, allowing connection or not) 
(Col 9 lines 1-7, Col 10 lines 37-42). It would have been obvious to one of ordinary skill 
in the art to use the ID in packet headers of Doi with the filtering system of Cunningham 
so that the system could apply rules quickly using low level information, (Cunningham 
Col 8 lines 1-3, Col 10 lines 5-10). 

As per claim 141, Doi teaches assigning one or more identifiers to the communication 
attempt (user ID, unit name) (Col 4 lines 15-35). Doi teaches that the identifiers include 
at least one of a user identifier (user ID) or a system identifier (unit name and serial
number) (Col 4 lines 15-35). Doi teaches the system identifier (SID) is associated with
the hardware of the source node making the communication attempt (ID contains 
manufacturer, unit name and specific serial number of the unit) (Col 4 lines 15-25). Doi 
teaches that the user identifier (UID) is associated with a specific authorized user of the 
source node (user ID, charged to use node) (Col 4 lines 1-5). Doi teaches inserting one or 
more identifiers. 

As per claims 142, 162 Cunningham teaches comparing UIDS with authorized UIDS 
associated with the destination node, and comparing SID's with a plurality of authorized 
SIDs associated with the destination node and taking action based on said comparisons
(comparing ID's to filter rules of users and equipment in order to determine if 
communication between source and destination nodes is permitted), (Col 8 line 55 to Col 
9 line 35). 

As per claim 144, Doi teaches adding identifiers in addition to standard header 
information (intercepting the data from the storage device by the data processing unit to 
add ID information) (Fig 1, 95, 93; Col 5 lines 10-19). 

Claims 120, 122-124, 145, 146, 148-151 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Doi US 6,742,118 in view of Cunningham US 6,219,786 in view of 
Hayes US 2004/0215771. 

As per claims 120, 122-124, 145, 146, 148-151 the previous Doi-Cunningham
combination does not teach specific packet protocols. 

Hayes teaches modifying the sequence number and acknowledgement number of a 
TCP/IP header of a SYN packet (modifying values to make a combined validation key), 
[0011], [0012]. It would have been obvious to one of ordinary skill in the art to use the
SYN header of Hayes with the Doi-Cunningham combination because it allows inclusion
of data without affecting the packet's function [0009].

Claims 129-134, 153-158 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Doi US 6,742,118 in view of Cunningham US 6,219,786 in view of Edgett US 5,796,942.

As per claims 129-134 and 153-158, the previous Doi-Cunningham combination teaches
modification of packets with one or more identifiers (Doi Col 4 lines 15-35). The 
previous Doi-Cunningham combination does not teach encryption. 
Edgett teaches an encryption and decryption system for identifiers including using key 
index values, and applying said key (encryption and of a password using a key, and 
including the key index with the encrypted password so that the decryption server can 
decrypt the password using the key) [0052]. 

It would have been obvious to one of ordinary skill in the art to use the key index system 
of Edgett with Cunningham because encryption increases security and the key index 
system prevents any keys from being transmitted. 

Conclusion



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher J. Brown whose telephone number is 
(571)272-3833. The examiner can normally be reached on 8:30-6:00. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Christopher Brown 4/24/07 




